A new F-Secure poll shows that passwords are a problem even for tech-conscious consumers. Here’s the essential post-Heartbleed tip everyone should follow.
A new F-Secure survey shows that passwords remain a problem even for tech-conscious consumers. In the poll*, promoted via F-Secure social media channels, 43% of respondents report using the same password for more than one important account – a big no-no for proper password hygiene.
58% of poll respondents have over 20 password-protected online accounts or simply too many too keep track of. 27% have between 11 and 20 password-protected accounts and 15% have under 10. But even with so many accounts, just 40% use a password manager to keep track of them.
Encouragingly, 57% of poll respondents changed passwords after hearing about Heartbleed. Of poor password habits, the most common was using the name of a family member. The next most common poor password habit was using a pet name, and then using generic passwords like “Password” or “123456.”
Post-Heartbleed, it’s especially important to pay some attention to passwords. But getting all one’s passwords in order – setting a unique, strong password for each individual account – can seem like too big a job, which is why many aren’t doing it. And there’s a lot of advice out there on how to generate and manage passwords. What’s the average person to do? Sean Sullivan, Security Advisor at F-Secure shares the one fundamental tip that everyone should remember:
“Identify the critical accounts to protect, and then make sure the passwords for those accounts are unique and strong.”
Sullivan’s advice takes into account the fact that many people have accounts for services where little personal information is stored. “If you created an account for some website and there’s hardly anything more in there than your username and password, then that’s probably not a critical account,” he says. “But your Amazon account with your credit card info, your bank account, your primary email accounts, the Facebook account with your life story, these are examples of the critical ones. If you don’t have time or inclination to tackle everything, at least take care of those.”
A prime example of a critical account is an email account that is used as the point of contact for password resets on other accounts. For these “master key” accounts, it’s a good idea to activate two-factor authentication if available.
But how to protect those critical accounts? Use a secure password manager likeF-Secure Key. F-Secure Key stores passwords, usernames and other credentials so you can access them through one master password. It includes a password generator that helps create new passwords that are safe and unique. F-Secure Key also contains a built-in newsfeed from F-Secure Labs to let you know about major hacking incidents.
Your data right on your device
With F-Secure Key, there’s no need to worry about where your password data is being stored. It’s stored and accessed locally using strong encryption right on your device. And if you choose to upgrade to the premium version you can synchronize your encrypted password data across all your devices. Synchronization happens securely using an encrypted connection.
F-Secure Key is free to use on any one device. To sync passwords between devices, it’s 1,69€ per month. F-Secure Key is available for Android 4.0 and later, iOS 5 and later, Windows 7 and later, and Mac OSX 10.7 and later. It can be downloaded on the Apple App Store and in Google Play, as well as at f-secure.com/key.
*224 Internet users around the globe participated in the survey, which was promoted through Facebook, Twitter, Google Plus and the F-Secure Safe and Savvy blog and conducted through Surveygizmo, May 2014.